Good malware hunting for Linux
Linux has proved to be much more resistant to malware than Windows, especially when it comes to viral infections, but any remote exploit makes it just as susceptible to worms, trojans, and rootkits as any other platform. Given all the fuss in the news recently about compromised Linux/Apache servers being responsible for infecting Windows users with malware when they visit those compromised sites, we thought it would be a good time to take a look at three of the best rootkit/malware detection tools available for Linux desktop and SOHO users. Here's a brief comparison of three popular choices: Chkrootkit, Rootkit Hunter, and Ossec.
Chkrootkit is a collection of scripts and programs which check system integrity in a variety of ways. The most recent version of Chkrootkit is 0.48, which was released in December of 2007. It's quick and easy to download, install, and run.
Decompress the downloaded file, enter the resulting directory, and type make sense. That creates an executable in the same directory, which you then execute as root. In Ubuntu, that's as easy as entering sudo ./chkrootkit in the installation directory.